fix(patch): cherry-pick 42eedc9 to release/v0.27.0-preview.2-pr-17826 to patch version v0.27.0-preview.2 and create version 0.27.0-preview.3

[gemini-cli-robot]

This PR automatically cherry-picks commit 42eedc9 to patch version v0.27.0-preview.2 in the preview release to create version 0.27.0-preview.3.

[gemini-code-assist]

Summary of Changes

Hello @gemini-cli-robot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refines the handling of sensitive extension settings within the CLI. It introduces logic to prevent the storage of empty sensitive values during initial configuration and allows for the explicit removal of existing sensitive settings by providing an empty value during updates. This improves security and user experience by ensuring sensitive data is only stored when intentionally provided and can be easily cleared.

Highlights

• Sensitive Setting Handling: Sensitive settings will no longer be stored in the keychain if an empty value is provided during the initial setup process.
• Sensitive Setting Deletion: Providing an empty value when updating a sensitive setting will now explicitly delete that setting from the keychain.
• Robust Deletion: The system now gracefully handles attempts to delete non-existent sensitive settings, preventing errors.
• Unit Tests: New unit tests have been added to cover these updated behaviors for sensitive setting management.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly changes the handling of empty sensitive settings to delete them from the keychain instead of storing an empty string. This applies to both initial setup and updates. I've added one comment to improve the error handling by preventing the swallowing of unexpected errors and ensuring all caught exceptions are logged for better debugging.

[gemini-code-assist]

The empty catch block is too broad and can swallow important errors, such as when the keychain is unavailable. It should only ignore the specific error for a non-existent secret and re-throw any other errors. Additionally, for debugging purposes, all caught exceptions should be logged, even if they are re-thrown or intentionally ignored.

      } catch (e) {
        // It's okay if the secret doesn't exist, but we should re-throw other errors.
        if (e instanceof Error && e.message.startsWith('No secret found for key:')) {
          // Log the expected ignored error for debugging purposes.
          console.debug(`Keychain access: No secret found for key. Ignoring as expected. Error: ${e.message}`);
        } else {
          // Log unexpected errors before re-throwing to ensure they are captured.
          console.error(`Keychain access: Unexpected error. Re-throwing. Error: ${e.message}`, e);
          throw e;
        }
      }

References

1. When catching exceptions, log the detailed error for debugging instead of providing only a generic error message.

[github-actions]

Size Change: +152 B (0%)

Total Size: 23.5 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	23.5 MB	+152 B (0%)
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B

_{compressed-size-action}